
CVE-2023-33469
https://notcve.org/view.php?id=CVE-2023-33469
09 Aug 2023 — In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level. • http://kramerav.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-20555
https://notcve.org/view.php?id=CVE-2023-20555
08 Aug 2023 — Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003 • CWE-787: Out-of-bounds Write •

CVE-2023-20589 – fTPM Voltage Fault Injection
https://notcve.org/view.php?id=CVE-2023-20589
08 Aug 2023 — An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005 •

CVE-2023-36923 – Code Injection vulnerability in SAP PowerDesigner
https://notcve.org/view.php?id=CVE-2023-36923
08 Aug 2023 — SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03 allows an attacker with local access to the system to place a malicious library that can be executed by the application. An attacker could thereby control the behavior of the application. • https://me.sap.com/notes/3341599 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-36095
https://notcve.org/view.php?id=CVE-2023-36095
05 Aug 2023 — An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt. • http://langchain.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-38943
https://notcve.org/view.php?id=CVE-2023-38943
05 Aug 2023 — ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. • https://github.com/0x727/ShuiZe_0x727 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-37470 – Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint
https://notcve.org/view.php?id=CVE-2023-37470
04 Aug 2023 — Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the supported data warehouses (an embedded in-memory database H2) exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase al... • https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-0118 – Foreman: arbitrary code execution through templates
https://notcve.org/view.php?id=CVE-2023-0118
04 Aug 2023 — An arbitrary code execution flaw was found in Foreman. • https://access.redhat.com/errata/RHSA-2023:4466 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2023-32358 – Apple Safari PDF Plugin Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32358
04 Aug 2023 — Processing web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213670 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2023-28198 – Apple Safari DFG Fixup Phase Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-28198
04 Aug 2023 — Processing web content may lead to arbitrary code execution. • http://www.openwall.com/lists/oss-security/2023/09/11/1 • CWE-416: Use After Free •